• CRI-O v1.34.0
  • Downloads
  • Changelog since v1.33.0
    • Changes by Kind
      • Bug or Regression
  • Dependencies
    • Added
    • Changed
    • Removed

CRI-O v1.34.0

The release notes have been generated for the commit range v1.33.0…b25f4a8 on Fri, 27 Jun 2025 17:28:52 UTC.

Downloads

Download one of our static release bundles via our Google Cloud Bucket:

• cri-o.amd64.b25f4a806e8e44f4fbc483a50a479fb90b8958ff.tar.gz
  • cri-o.amd64.b25f4a806e8e44f4fbc483a50a479fb90b8958ff.tar.gz.sha256sum
  • cri-o.amd64.b25f4a806e8e44f4fbc483a50a479fb90b8958ff.tar.gz.sig
  • cri-o.amd64.b25f4a806e8e44f4fbc483a50a479fb90b8958ff.tar.gz.cert
  • cri-o.amd64.b25f4a806e8e44f4fbc483a50a479fb90b8958ff.tar.gz.spdx
  • cri-o.amd64.b25f4a806e8e44f4fbc483a50a479fb90b8958ff.tar.gz.spdx.sig
  • cri-o.amd64.b25f4a806e8e44f4fbc483a50a479fb90b8958ff.tar.gz.spdx.cert
• cri-o.arm64.b25f4a806e8e44f4fbc483a50a479fb90b8958ff.tar.gz
  • cri-o.arm64.b25f4a806e8e44f4fbc483a50a479fb90b8958ff.tar.gz.sha256sum
  • cri-o.arm64.b25f4a806e8e44f4fbc483a50a479fb90b8958ff.tar.gz.sig
  • cri-o.arm64.b25f4a806e8e44f4fbc483a50a479fb90b8958ff.tar.gz.cert
  • cri-o.arm64.b25f4a806e8e44f4fbc483a50a479fb90b8958ff.tar.gz.spdx
  • cri-o.arm64.b25f4a806e8e44f4fbc483a50a479fb90b8958ff.tar.gz.spdx.sig
  • cri-o.arm64.b25f4a806e8e44f4fbc483a50a479fb90b8958ff.tar.gz.spdx.cert
• cri-o.ppc64le.b25f4a806e8e44f4fbc483a50a479fb90b8958ff.tar.gz
  • cri-o.ppc64le.b25f4a806e8e44f4fbc483a50a479fb90b8958ff.tar.gz.sha256sum
  • cri-o.ppc64le.b25f4a806e8e44f4fbc483a50a479fb90b8958ff.tar.gz.sig
  • cri-o.ppc64le.b25f4a806e8e44f4fbc483a50a479fb90b8958ff.tar.gz.cert
  • cri-o.ppc64le.b25f4a806e8e44f4fbc483a50a479fb90b8958ff.tar.gz.spdx
  • cri-o.ppc64le.b25f4a806e8e44f4fbc483a50a479fb90b8958ff.tar.gz.spdx.sig
  • cri-o.ppc64le.b25f4a806e8e44f4fbc483a50a479fb90b8958ff.tar.gz.spdx.cert
• cri-o.s390x.b25f4a806e8e44f4fbc483a50a479fb90b8958ff.tar.gz
  • cri-o.s390x.b25f4a806e8e44f4fbc483a50a479fb90b8958ff.tar.gz.sha256sum
  • cri-o.s390x.b25f4a806e8e44f4fbc483a50a479fb90b8958ff.tar.gz.sig
  • cri-o.s390x.b25f4a806e8e44f4fbc483a50a479fb90b8958ff.tar.gz.cert
  • cri-o.s390x.b25f4a806e8e44f4fbc483a50a479fb90b8958ff.tar.gz.spdx
  • cri-o.s390x.b25f4a806e8e44f4fbc483a50a479fb90b8958ff.tar.gz.spdx.sig
  • cri-o.s390x.b25f4a806e8e44f4fbc483a50a479fb90b8958ff.tar.gz.spdx.cert

To verify the artifact signatures via cosign, run:

> export COSIGN_EXPERIMENTAL=1
> cosign verify-blob cri-o.amd64.b25f4a806e8e44f4fbc483a50a479fb90b8958ff.tar.gz \
    --certificate-identity https://github.com/cri-o/packaging/.github/workflows/obs.yml@refs/heads/main \
    --certificate-oidc-issuer https://token.actions.githubusercontent.com \
    --certificate-github-workflow-repository cri-o/packaging \
    --certificate-github-workflow-ref refs/heads/main \
    --signature cri-o.amd64.b25f4a806e8e44f4fbc483a50a479fb90b8958ff.tar.gz.sig \
    --certificate cri-o.amd64.b25f4a806e8e44f4fbc483a50a479fb90b8958ff.tar.gz.cert

To verify the bill of materials (SBOM) in SPDX format using the bom tool, run:

> tar xfz cri-o.amd64.b25f4a806e8e44f4fbc483a50a479fb90b8958ff.tar.gz
> bom validate -e cri-o.amd64.b25f4a806e8e44f4fbc483a50a479fb90b8958ff.tar.gz.spdx -d cri-o

Changelog since v1.33.0

Changes by Kind

Bug or Regression

• Fix a bug where CRI-O did not respect cases where the kubelet instructed it to unmask /proc for containers (#9285, @haircommander)
• Fix a potential deadlock when an infra container is taking a long time to exit and the sandbox’s readiness is blocked on the infra container’s opLock (#9188, @haircommander)
• Fix terminal resize race condition (#9246, @sohankunkerkar)
• Fix the bug that pod can’t be terminated when the process is uninterruptible sleep for a while. (#9256, @bitoku)
• Fixed segmentation fault when trying to create a lot of pods at a time. (#9272, @bitoku)
• Fixes a crash introduced in 1.33.0 when cleaning up a pod that uses HostPorts on a system that has either just iptables (but not nftables) or just nftables (but not iptables). (#9222, @danwinship)

Dependencies

Added

• github.com/alibabacloud-go/tea-utils/v2: v2.0.7
• github.com/cenkalti/backoff/v5: v5.0.2
• github.com/go-piv/piv-go/v2: v2.3.0
• github.com/go-viper/mapstructure/v2: v2.2.1
• github.com/google/go-github/v72: v72.0.0
• github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus: v1.0.1
• github.com/grpc-ecosystem/go-grpc-middleware/v2: v2.1.0
• github.com/moby/sys/atomicwriter: v0.1.0
• github.com/redis/go-redis/extra/rediscmd/v9: v9.5.3
• github.com/redis/go-redis/extra/redisotel/v9: v9.5.3
• gitlab.com/gitlab-org/api/client-go: v0.127.0
• go.yaml.in/yaml/v2: v2.4.2
• go.yaml.in/yaml/v3: v3.0.3

Changed

• cel.dev/expr: v0.20.0 → v0.23.0
• cuelabs.dev/go/oci/ociregistry: a39bec0 → b27552d
• cuelang.org/go: v0.9.2 → v0.12.1
• github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/provider: v0.14.0 → v0.16.1
• github.com/Azure/go-autorest/autorest/adal: v0.9.23 → v0.9.24
• github.com/Azure/go-autorest/autorest/azure/auth: v0.5.12 → v0.5.13
• github.com/Azure/go-autorest/autorest/azure/cli: v0.4.6 → v0.4.7
• github.com/Azure/go-autorest/autorest/date: v0.3.0 → v0.3.1
• github.com/Azure/go-autorest/autorest: v0.11.29 → v0.11.30
• github.com/Azure/go-autorest/logger: v0.2.1 → v0.2.2
• github.com/Azure/go-autorest/tracing: v0.6.0 → v0.6.1
• github.com/CloudNativeAI/model-spec: v0.0.4 → v0.0.6
• github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp: v1.26.0 → v1.27.0
• github.com/agnivade/levenshtein: v1.1.1 → v1.2.1
• github.com/alibabacloud-go/alibabacloud-gateway-spi: v0.0.4 → v0.0.5
• github.com/alibabacloud-go/debug: v1.0.0 → v1.0.1
• github.com/alibabacloud-go/openapi-util: v0.1.0 → v0.1.1
• github.com/alibabacloud-go/tea: v1.2.1 → v1.3.2
• github.com/aliyun/credentials-go: v1.3.2 → v1.4.3
• github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream: v1.6.3 → v1.6.6
• github.com/aws/aws-sdk-go-v2/internal/v4a: v1.3.15 → v1.3.21
• github.com/aws/aws-sdk-go-v2/service/ecr: v1.20.2 → v1.42.0
• github.com/aws/aws-sdk-go-v2/service/ecrpublic: v1.18.2 → v1.32.0
• github.com/aws/aws-sdk-go-v2/service/internal/checksum: v1.3.17 → v1.4.2
• github.com/aws/aws-sdk-go-v2/service/internal/s3shared: v1.17.15 → v1.18.2
• github.com/aws/aws-sdk-go-v2/service/s3: v1.58.3 → v1.65.3
• github.com/aws/smithy-go: v1.22.2 → v1.22.3
• github.com/awslabs/amazon-ecr-credential-helper/ecr-login: 8841054 → v0.9.1
• github.com/buildkite/agent/v3: v3.81.0 → v3.95.1
• github.com/buildkite/go-pipeline: v0.13.1 → v0.13.3
• github.com/buildkite/interpolate: v0.1.3 → v0.1.5
• github.com/buildkite/roko: v1.2.0 → v1.3.1
• github.com/cloudflare/circl: v1.3.7 → v1.6.1
• github.com/cncf/xds/go: 2f00578 → ae57f3c
• github.com/containers/common: v0.63.0 → v0.63.1
• github.com/coreos/go-oidc/v3: v3.13.0 → v3.14.1
• github.com/cpuguy83/go-md2man/v2: v2.0.6 → v2.0.7
• github.com/docker/cli: v28.0.4+incompatible → v28.1.1+incompatible
• github.com/docker/docker: v28.0.4+incompatible → v28.1.1+incompatible
• github.com/eggsampler/acme/v3: v3.6.0 → 0466a02
• github.com/elazarl/goproxy: v1.4.0 → v1.7.2
• github.com/emicklei/go-restful/v3: v3.11.0 → v3.12.2
• github.com/emicklei/proto: v1.12.1 → v1.14.0
• github.com/go-chi/chi/v5: v5.2.1 → v5.2.2
• github.com/go-git/go-git/v5: v5.13.2 → v5.16.0
• github.com/go-jose/go-jose/v3: v3.0.3 → v3.0.4
• github.com/go-logr/logr: v1.4.2 → v1.4.3
• github.com/google/go-containerregistry: v0.20.3 → v0.20.5
• github.com/grpc-ecosystem/grpc-gateway/v2: v2.26.1 → v2.27.1
• github.com/hashicorp/hcl: 5 → 7
• github.com/in-toto/attestation: v1.1.0 → v1.1.1
• github.com/jedisct1/go-minisign: 661be99 → d2f9f49
• github.com/letsencrypt/borp: 6cc6ce5 → a78493c
• github.com/letsencrypt/boulder: de9c061 → 28b49a8
• github.com/miekg/dns: v1.1.58 → v1.1.61
• github.com/mitchellh/mapstructure: v1.5.0 → 8508981
• github.com/montanaflynn/stats: 1bf9dbc → v0.7.1
• github.com/open-policy-agent/opa: v0.68.0 → v1.4.0
• github.com/opencontainers/cgroups: v0.0.2 → v0.0.3
• github.com/opencontainers/runc: v1.2.6 → v1.3.0
• github.com/opencontainers/runtime-tools: 260e151 → 0ea5ed0
• github.com/pelletier/go-toml/v2: v2.2.2 → v2.2.3
• github.com/protocolbuffers/txtpbfmt: 084445f → 1ee4910
• github.com/rogpeppe/go-internal: v1.13.1 → v1.14.1
• github.com/sagikazarmark/locafero: v0.4.0 → v0.7.0
• github.com/sigstore/cosign/v2: v2.4.1 → v2.5.0
• github.com/sigstore/sigstore-go: v0.6.1 → v0.7.1
• github.com/sigstore/sigstore: v1.9.3 → v1.9.4
• github.com/sigstore/timestamp-authority: v1.2.2 → v1.2.5
• github.com/spf13/afero: v1.11.0 → v1.12.0
• github.com/spf13/cast: v1.7.0 → v1.7.1
• github.com/spf13/viper: v1.19.0 → v1.20.1
• github.com/theupdateframework/go-tuf/v2: v2.0.1 → v2.0.2
• github.com/tink-crypto/tink-go/v2: v2.3.0 → v2.4.0
• github.com/urfave/cli/v2: v2.27.6 → v2.27.7
• github.com/vishvananda/netlink: 0e7078e → v1.3.1
• github.com/weppos/publicsuffix-go: 5f1d033 → a8ed110
• github.com/youmark/pkcs8: 1be2e3e → a2c0da2
• github.com/zmap/zlint/v3: v3.6.0 → v3.6.4
• go.mongodb.org/mongo-driver: v1.14.0 → v1.17.3
• go.opentelemetry.io/contrib/detectors/gcp: v1.34.0 → v1.35.0
• go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp: v0.59.0 → v0.60.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: v1.35.0 → v1.37.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace: v1.35.0 → v1.37.0
• go.opentelemetry.io/otel/metric: v1.35.0 → v1.37.0
• go.opentelemetry.io/otel/sdk/metric: v1.34.0 → v1.35.0
• go.opentelemetry.io/otel/sdk: v1.35.0 → v1.37.0
• go.opentelemetry.io/otel/trace: v1.35.0 → v1.37.0
• go.opentelemetry.io/otel: v1.35.0 → v1.37.0
• go.opentelemetry.io/proto/otlp: v1.5.0 → v1.7.0
• golang.org/x/crypto: v0.38.0 → v0.39.0
• golang.org/x/exp: 2d47ceb → dead583
• golang.org/x/mod: v0.24.0 → v0.25.0
• golang.org/x/net: v0.40.0 → v0.41.0
• golang.org/x/oauth2: v0.29.0 → v0.30.0
• golang.org/x/sync: v0.14.0 → v0.15.0
• golang.org/x/text: v0.25.0 → v0.26.0
• golang.org/x/tools: v0.31.0 → v0.33.0
• google.golang.org/genproto/googleapis/api: a0af3ef → 513f239
• google.golang.org/genproto/googleapis/rpc: e70fdf4 → 513f239
• google.golang.org/grpc: v1.72.0 → v1.73.0
• k8s.io/api: v0.33.0 → v0.33.2
• k8s.io/apimachinery: v0.33.0 → v0.33.2
• k8s.io/apiserver: v0.33.0 → v0.33.2
• k8s.io/client-go: v0.33.0 → v0.33.2
• k8s.io/component-base: v0.33.0 → v0.33.2
• k8s.io/cri-api: v0.33.0 → v0.33.2
• k8s.io/cri-client: v0.33.0 → v0.33.2
• k8s.io/kms: v0.33.0 → v0.33.2
• k8s.io/kubelet: v0.33.0 → v0.33.2
• sigs.k8s.io/json: 9aa6b5e → cfa47c3
• sigs.k8s.io/release-sdk: v0.12.2 → v0.12.3
• sigs.k8s.io/yaml: v1.4.0 → v1.5.0

Removed

• github.com/go-piv/piv-go: v1.11.0
• github.com/google/go-github/v60: v60.0.0
• github.com/imdario/mergo: v0.3.16
• github.com/xanzy/go-gitlab: v0.109.0